Practical findings from someone who published 18 Chrome extensions over 6 months: what moved installs (titles, short descriptions, screenshots, review prompts) and how the Manifest V2 to V3 migration affects install rates.
Google officially ships Device Bound Session Credentials (DBSC) to all Windows users in Chrome 146. By locking private keys inside the TPM, stolen cookies become useless on any other device.
We have summarized the features that will be released in the stable version of the browser in March 2026, such as scroll trigger animation in Chrome 146, Grid Lanes (Masonry) in Safari 26.4, and CloseWatcher in Firefox 149.
Added --autoConnect option to Chrome DevTools MCP server, allowing coding agents to connect directly to an existing browser session. A deep dive into the background of the MCP vs CLI debate, browser operations with OpenClaw, and the risks of authenticated session delegation.
Google released an emergency update for Chrome 146.0.7680.75 on March 13 to fix two CVSS 8.8 zero-days, both confirmed exploited in the wild. It was Chrome's third emergency patch of 2026.
JPEG-XL revival in Chrome 145 and how to use cjxl, RSA → Elliptic Curve → PQC cryptography transition and Merkle Tree Certificates, WebMCP implementation examples, Chrome zero-day trends, and customizable select elements.
A UAF zero-day in Chrome, critical flaws in four VS Code extensions, and a Microsoft Copilot bug that leaked confidential emails. A review of security risks lurking in developers’ everyday tools.
In its February 2026 KEV catalog update, CISA added four vulnerabilities, including a Google Chrome use-after-free flaw (CVE-2026-2441). One of them dates back 17 years.
